Reverse Engineering Remote Control Power Sockets - Part 4: Setting up a development environment for the Raspberry Pi

If you've read the first blog post of this series, you already know that the intention of this project is to replace the remote control of these devices with a cheap 433 MHz transceiver and a microcontroller platform. The first target of choice is a Raspberry Pi Model B Rev 2, which contains a Broadcom BCM2835 system on a chip (SoC) with an ARM1176JZF-S 700 MHz processor.

Host system (Arch Linux, x64)

Cross-Toolchain

In order to cross-compile applications for the Raspberry Pi on the host system, a cross-toolchain is needed. The Raspberry Pi GitHub tools repository comes with a ready-to-use toolchain. The installation is as easy as this:

git clone http://github.com/raspberrypi/tools
sudo cp -r tools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64 /opt/
export PATH=$PATH:/opt/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin

C library for controlling Broadcom BCM2835 GPIOs

Switching a power socket requires sending the appropriate code bits by toggling the 433 MHz transceiver's data pin. The data pin is connected to a Raspberry Pi general-purpose input/output (GPIO) pin, which is controlled by a C program using the bcm2835 C library. The library can be installed as follows:

wget http://www.airspayce.com/mikem/bcm2835/bcm2835-1.59.tar.gz
tar xvf bcm2835-1.59.tar.gz
cd bcm2835-1.59
export PATH=$PATH:/opt/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin
./configure --host=arm-linux-gnueabihf
make
sudo make install

Hello world program

Makefile

# Compiler flags: -DDEBUG for debug builds, plus a strict set of warnings
CFLAGS =  -DDEBUG
CFLAGS += -Wall -Werror
CFLAGS += -Wmissing-prototypes -Wmissing-declarations
CFLAGS += -Wstrict-prototypes -Wpointer-arith -Wwrite-strings
CFLAGS += -Wcast-qual -Wcast-align -Wbad-function-cast
CFLAGS += -Wformat-security  -Wformat-nonliteral -Wmissing-format-attribute
CFLAGS += -Winline -W -pedantic -funsigned-char

ARCH := $(shell uname -m)

# On an x86_64 host, cross-compile against the bcm2835 library installed
# under /usr/local; on the Pi itself the native compiler and default
# search paths are used
ifeq ($(ARCH),x86_64)
ARCH=arm
CROSS_COMPILE=arm-linux-gnueabihf-
CC=$(CROSS_COMPILE)gcc
INCLUDES=-I/usr/local/include/
LIBS=-L/usr/local/lib
endif

# Default target: build the toggle binary from toggle.c
# (recipe lines must be indented with a tab, not spaces)
toggle: toggle.c
	$(CC) $(CFLAGS) $(INCLUDES) $(LIBS) -o toggle toggle.c -lbcm2835

.PHONY: clean
clean:
	-@rm -rf *.o *~ toggle 2>/dev/null || true

toggle.c

#include <bcm2835.h>

#define PIN RPI_GPIO_P1_07 /* GPIO 4 */

int main(void)
{
	/* Initialize the library (maps the GPIO registers) */
	if (!bcm2835_init()) {
		return -1;
	}

	/* Set the pin to be an output */
	bcm2835_gpio_fsel(PIN, BCM2835_GPIO_FSEL_OUTP);

	/* Toggle the pin forever: 1000 us high, 1000 us low */
	while (1) {
		bcm2835_gpio_write(PIN, HIGH);
		delayMicroseconds(1000);
		bcm2835_gpio_write(PIN, LOW);
		delayMicroseconds(1000);
	}

	return 0;
}

The program can be built as follows:

make

If everything went well, the make command should have produced a toggle binary compiled for the ARM platform:

file toggle
toggle: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 2.6.26, BuildID[sha1]=965aa16a5ff6a190f6005eb3b825af56df701a8e, not stripped

Installing the target operating system

Since the standard Linux kernel has no real-time capabilities, reaching the timing characteristics a codeword requires is not trivial. Using a bloated distribution like Raspbian makes things even harder.

Arch Linux ARM is a lightweight alternative and the choice for this project. The image will be installed to a 16 GB SD card.

The Arch Linux ARM project website provides excellent installation instructions (see tab Installation).

After the installation, put the SD card into the Raspberry Pi, connect it to the Ethernet network and power it up. Use nmap to find its IP address:

nmap 192.168.1.0/24 | grep alarmpi
Nmap scan report for alarmpi.fritz.box (192.168.1.19)

Finally, copy the first program to the target and log in via SSH:

scp Makefile toggle.c alarm@alarmpi:~/hackstock/toggle
ssh alarm@alarmpi.fritz.box

Target system (Arch Linux ARM)

Before doing anything on the target system, fix the weird issue with backspace not working:

export TERM=rxvt

Package manager initialization

After the Raspberry Pi has booted up for the first time, initialize the package manager as follows:

su -c 'pacman-key --init'
su -c 'pacman-key --populate archlinuxarm'

Tools

The following packages are necessary for development purposes:

su -c 'pacman -S wget gcc make'

C library for controlling Broadcom BCM2835 GPIOs

Before the test program can be compiled on the target system, the bcm2835 library needs to be installed:

wget http://www.airspayce.com/mikem/bcm2835/bcm2835-1.59.tar.gz
tar xvf bcm2835-1.59.tar.gz
cd bcm2835-1.59
./configure
make
su -c 'make install'

Building the program

cd ~/hackstock/toggle
make

Running the program

Trying to run the program as user alarm fails with the following error message:

./toggle
bcm2835_init: Unable to open /dev/gpiomem: Permission denied

Running the program as root is a quick fix but not a good idea in general; we'll fix that issue later.

su -c './toggle'
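Before falling back to root it is worth knowing why the open fails. The following is an added example, not code from the original post: it classifies access to the GPIO device from the mode bits and a real open() attempt, and prints what to change instead of escalating. The device path /dev/gpiomem is the one the error message names; the group name "gpio" in the advice text is an assumption about the target system.

```c
/* Added example, not part of the original post: explain why opening the GPIO
 * device fails instead of running the whole program as root. The "gpio" group
 * named in the advice is an assumption; adapt it to the target system. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define GPIO_DEVICE "/dev/gpiomem" /* the device bcm2835_init() opens */

enum gpio_access {
	GPIO_ACCESS_OK = 0,        /* can be opened read/write as this user */
	GPIO_ACCESS_NO_DEVICE,     /* node missing or unusable */
	GPIO_ACCESS_NEED_GROUP,    /* group has rw, but we are not a member */
	GPIO_ACCESS_ROOT_ONLY,     /* only the owner (root) may use it */
	GPIO_ACCESS_WORLD_WRITABLE /* 0666: works, but any local user can drive the pins */
};

/* Classify access to `path` for the current user by combining the stat()
 * mode bits with a real open() attempt. */
enum gpio_access classify_gpio_access(const char *path)
{
	struct stat st;
	int fd;

	if (stat(path, &st) != 0)
		return GPIO_ACCESS_NO_DEVICE;

	fd = open(path, O_RDWR | O_CLOEXEC);
	if (fd >= 0) {
		close(fd);
		/* Opening worked; flag the insecure "chmod 666" fix separately. */
		return (st.st_mode & S_IWOTH) ? GPIO_ACCESS_WORLD_WRITABLE
		                              : GPIO_ACCESS_OK;
	}
	if (errno != EACCES)
		return GPIO_ACCESS_NO_DEVICE; /* ENXIO, ENODEV, ... */

	/* EACCES: would group membership be enough? */
	if ((st.st_mode & (S_IRGRP | S_IWGRP)) == (S_IRGRP | S_IWGRP))
		return GPIO_ACCESS_NEED_GROUP;
	return GPIO_ACCESS_ROOT_ONLY;
}

/* Actionable advice for each outcome (no root in any of them). */
const char *gpio_access_advice(enum gpio_access a)
{
	switch (a) {
	case GPIO_ACCESS_OK:
		return "device accessible, no root needed";
	case GPIO_ACCESS_NO_DEVICE:
		return "device node missing or unusable; check that the gpiomem driver is loaded";
	case GPIO_ACCESS_NEED_GROUP:
		return "add this user to the device's group (e.g. usermod -aG gpio alarm) and log in again";
	case GPIO_ACCESS_ROOT_ONLY:
		return "device is owner-only; give it a group with mode 0660 via a udev rule instead of running as root";
	case GPIO_ACCESS_WORLD_WRITABLE:
		return "device is world-writable; tighten it to 0660 so only the GPIO group can drive the pins";
	}
	return "unknown";
}

/* Write the name of the group owning `path` into `buf`; 0 on success. */
int gpio_device_group(const char *path, char *buf, size_t len)
{
	struct stat st;
	struct group *gr;

	if (stat(path, &st) != 0)
		return -1;
	gr = getgrgid(st.st_gid);
	snprintf(buf, len, "%s", gr ? gr->gr_name : "?");
	return 0;
}

int main(void)
{
	char grp[64];
	enum gpio_access a = classify_gpio_access(GPIO_DEVICE);

	if (gpio_device_group(GPIO_DEVICE, grp, sizeof grp) == 0)
		printf("%s is owned by group '%s'\n", GPIO_DEVICE, grp);
	printf("%s: %s\n", GPIO_DEVICE, gpio_access_advice(a));
	return a == GPIO_ACCESS_OK ? 0 : 1;
}
```

Run it as the alarm user on the target; the exit status is 0 only when the device can be used without root, so it can also gate a wrapper script.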

Looking at GPIO4 with an oscilloscope shows the expected behaviour: the pin toggles between HIGH and LOW with a period of 2 seconds.
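The oscilloscope shows the nominal waveform, but the timing question raised above (a stock kernel without real-time guarantees) is about how far individual delays overshoot. The following added example, not code from the original post, measures that overshoot in software: it times repeated 1000 us sleeps with CLOCK_MONOTONIC and reports minimum, mean and worst case, optionally after locking memory and requesting SCHED_FIFO. The priority value and sample count are arbitrary choices; it runs on the Pi or on any Linux host.

```c
/* Added example, not part of the original post: measure how much a
 * non-real-time kernel stretches the 1000 us delays used by toggle.c.
 * The SCHED_FIFO priority (50) and the sample count are arbitrary. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <time.h>

struct jitter_stats {
	int64_t min_ns;  /* shortest observed sleep */
	int64_t max_ns;  /* longest observed sleep (worst-case overshoot) */
	int64_t mean_ns; /* average over all samples */
	int samples;
};

static int64_t elapsed_ns(const struct timespec *a, const struct timespec *b)
{
	return (int64_t)(b->tv_sec - a->tv_sec) * 1000000000LL
	     + (b->tv_nsec - a->tv_nsec);
}

/* Sleep `delay_us` microseconds `samples` times with nanosleep() and record
 * how long each sleep really took. Linux never wakes a sleeper early, so
 * min_ns >= delay; max_ns - delay is the overshoot a receiver must tolerate.
 * Returns 0 on success, -1 on bad arguments or a failing syscall. */
int measure_jitter(unsigned int delay_us, int samples, struct jitter_stats *out)
{
	struct timespec req = {
		.tv_sec  = delay_us / 1000000,
		.tv_nsec = (long)(delay_us % 1000000) * 1000L,
	};
	struct timespec t0, t1;
	int64_t sum = 0;

	if (samples <= 0)
		return -1;
	out->min_ns = INT64_MAX;
	out->max_ns = 0;
	out->samples = 0;
	for (int i = 0; i < samples; i++) {
		struct timespec rem = req;
		if (clock_gettime(CLOCK_MONOTONIC, &t0) != 0)
			return -1;
		/* Resume with the remaining time if a signal interrupts the sleep */
		while (nanosleep(&rem, &rem) != 0) {
			if (errno != EINTR)
				return -1;
		}
		if (clock_gettime(CLOCK_MONOTONIC, &t1) != 0)
			return -1;
		int64_t e = elapsed_ns(&t0, &t1);
		if (e < out->min_ns) out->min_ns = e;
		if (e > out->max_ns) out->max_ns = e;
		sum += e;
		out->samples++;
	}
	out->mean_ns = sum / samples;
	return 0;
}

/* Best-effort latency reduction without an RT kernel: lock all pages to avoid
 * page faults and ask for SCHED_FIFO. Needs root or CAP_SYS_NICE; returns 0 if
 * both succeeded, -1 if either was refused (measuring still works). */
int try_realtime_setup(void)
{
	struct sched_param sp = { .sched_priority = 50 };
	int rc = 0;
	if (mlockall(MCL_CURRENT | MCL_FUTURE) != 0)
		rc = -1;
	if (sched_setscheduler(0, SCHED_FIFO, &sp) != 0)
		rc = -1;
	return rc;
}

int main(void)
{
	struct jitter_stats s;
	int rt = try_realtime_setup();

	if (measure_jitter(1000, 1000, &s) != 0) {
		perror("measure_jitter");
		return 1;
	}
	printf("%s scheduling, %d x 1000 us sleeps: min %lld us, mean %lld us, "
	       "max %lld us (worst overshoot %lld us)\n",
	       rt == 0 ? "SCHED_FIFO" : "default", s.samples,
	       (long long)(s.min_ns / 1000), (long long)(s.mean_ns / 1000),
	       (long long)(s.max_ns / 1000),
	       (long long)((s.max_ns - 1000000) / 1000));
	return 0;
}
```

Comparing the "default" and "SCHED_FIFO" runs (the latter needs root, or a capability-bearing wrapper) shows how much of the jitter is scheduling rather than timer resolution, which decides whether software bit-banging is viable for the codewords at all.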